ci: bump actions/setup-python from 5.5.0 to 6.2.0 #34

	name: CI

	on:
	push:
	branches: [main]
	pull_request:

	permissions:
	contents: read

	jobs:
	pre-commit:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	- run: pip install pre-commit
	- run: pre-commit run --all-files --show-diff-on-failure --color=always


	test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	- name: Install package and dev dependencies
	run: pip install -e ".[dev]"
	- name: Run tests
	run: pytest

	zizmor:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	- name: Install zizmor
	run: pip install zizmor
	- name: Run zizmor
	run: zizmor --min-severity medium .github/

	security:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: write
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- uses: ./
	with:
	bandit_scan_dirs: src
	package_manager: uv
	post_pr_comment: ${{ github.event_name == 'pull_request' }}

Provide feedback